Re: [Dots] Éric Vyncke's No Objection on draft-ietf-dots-architecture-16: (with COMMENT)
tirumal reddy <kondtir@gmail.com> Tue, 04 February 2020 03:12 UTC
From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 04 Feb 2020 08:42:26 +0530
Message-ID: <CAFpG3gfiktWgo=o3a23MUTg3APHgAfGPcpS3Vkg-7tGM7TW2Qw@mail.gmail.com>
To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dots-architecture@ietf.org, Roman Danyliw <rdd@cert.org>, Valery Smyslov <valery@smyslov.net>, dots-chairs@ietf.org, dots@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/3H1I7aXm9GPKO3QS2QIqJlolGdc>
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

Hi Eric,

Thanks for the review. Please see inline.

On Mon, 3 Feb 2020 at 15:48, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:

> Éric Vyncke has entered the following ballot position for
> draft-ietf-dots-architecture-16: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dots-architecture/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Dear authors,
>
> Thank you for the work put into this document. As a side note, I really
> liked the section about the manual/over-the-phone part of it.
>
> Until now, I have read only this document (dots-architecture) from the
> dots WG, so, please accept my ignorance for details. But, I have a couple
> of non-blocking questions where your reply will be welcome and appreciated:
>
> Q1) is the monetary cost part of the DOTS signaling ? (I.e., the mitigator
> telling the target that it will cost so many EUR per hour)

No, monetary cost is not part of the DOTS signaling.

> Q2) Using DOTS in an under-attack network, did you consider recommending
> dual-stack signaling to cope with the rare case where IPv4 is disrupted
> while IPv6 still works (of course if the DoS is plain flooding this won't
> help a lot probably; and the dual proposition exists).

Yes, Happy Eyeballs for DOTS signal channel is discussed in
https://tools.ietf.org/html/draft-ietf-dots-signal-channel-41#section-4.3

> Q3) While I appreciate the value of Anycast DOTS server, hence UDP is
> mostly required for signaling transport, I wonder whether the choice of
> UDP (often used AFAIK as volumetric attack as it is easier to spoof) is a
> good choice compared to TCP or DSCP or ...

Both DTLS over UDP and TLS over TCP are used by the DOTS signal channel (UDP
is given higher precedence than TCP). DTLS is capable of defending against
DoS attacks by using the stateless cookie mechanism (see
https://tools.ietf.org/html/rfc6347#section-4.2.1).

> Q4) When having multiple DOTS servers, I assume that the case of a
> dual-stack DOTS server is also covered. Therefore, a word on whether Happy
> Eyeball (RFC 8305) should probably be useful **IF** applicable

Happy Eyeball is discussed in detail in the DOTS signal channel protocol
specification.

Cheers,
-Tiru

> Regards,
>
> -éric
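
The stateless cookie exchange that the Q3 reply points to (RFC 6347, section 4.2.1, which suggests Cookie = HMAC(Secret, Client-IP, Client-Parameters)), shown here as an added example that is not part of the original message or of any DOTS implementation. The class and function names, the 60-second rotation period, the inclusion of the source port and the per-epoch secret derivation are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ROTATION_SECONDS = 60  # assumed rotation period for the server secret


class CookieVerifier:
    """Stateless HelloVerifyRequest cookie: HMAC(secret, client IP, port, ClientHello params)."""

    def __init__(self, master_key=None):
        self.master_key = master_key or os.urandom(32)

    def _epoch_secret(self, epoch):
        # Per-epoch secret: cookies expire on rotation without any per-client state.
        return hmac.new(self.master_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()

    def _mac(self, epoch, ip, port, client_params):
        # ip and port cannot contain "|", and client_params comes last, so the encoding is unambiguous.
        msg = b"|".join([ip.encode(), str(port).encode(), client_params])
        return hmac.new(self._epoch_secret(epoch), msg, hashlib.sha256).digest()

    def issue(self, ip, port, client_params, now=None):
        epoch = int((time.time() if now is None else now) // ROTATION_SECONDS)
        return self._mac(epoch, ip, port, client_params)

    def verify(self, cookie, ip, port, client_params, now=None):
        epoch = int((time.time() if now is None else now) // ROTATION_SECONDS)
        # Accept the current and previous epoch so a handshake spanning a rotation completes.
        return any(hmac.compare_digest(cookie, self._mac(e, ip, port, client_params))
                   for e in (epoch, max(epoch - 1, 0)))


def handle_client_hello(verifier, ip, port, client_params, cookie, now=None):
    """Return ('HelloVerifyRequest', cookie) or ('ServerHello', None).

    The server allocates nothing until the client echoes a cookie bound to the
    address it claims, so a spoofed source never receives a usable cookie.
    """
    if cookie and verifier.verify(cookie, ip, port, client_params, now):
        return ("ServerHello", None)
    return ("HelloVerifyRequest", verifier.issue(ip, port, client_params, now))
```

The HelloVerifyRequest is small, so the first flight also gives a spoofing sender little amplification; the expensive key exchange only starts after `verify` succeeds.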